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AMENDMENTS TO THE CLAIMS 

1 . (Original) A system, comprising: 
a crypto-processor; and 

a memory coupled to receive memory transactions through the crypto-processor, wherein the 
memory transactions are passed to the memory by the crypto-processor. 

2. (Original) The system of claim 1, wherein the crypto-processor includes a memory 
permission table that maps at least a portion of the memory; and wherein the crypto- 
processor is configured to pass the memory transactions to the memory if the memory 
access is indicated as allowed by the memory permission table. 

3. (Original) The system of claim 2, wherein the crypto-processor is configured to pass the 
memory transactions to the memory only if the memory access is indicated as allowed by 
the memory permission table. 

4. (Original) The system of claim 1, further comprising: 

a device different from the crypto-processor, wherein the device is configured to request the 
memory transactions passed to the memory by the crypto-processor. 

5. (Currently Amended) The system of claim 4 ([1 ]], further comprising: 
abridge; 

a first bus coupled between the device and the bridge; and 

a second bus coupled between the bridge and the crypto-processor. 
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6. (Currently Amended) The system of claim 4 [[1]], wherein the crypto-processor includes 
a secret; and wherein the crypto-processor is configured to demand an authorization 
before passing the memory access to the memory, wherein the authorization comprises an 
indication from the device of the secret. 

7. (Original) The system of claim 6> wherein the indication of the secret comprises a correct 
response to a challenge-response authentication. 

8. (Original) The system of claim 1 , wherein the memory comprises a ROM. 

9. (Original) The system of claim 8, wherein the ROM comprises a BIOS ROM. 

10. (Original) The system of claim 1, wherein the memory comprises a flash memory. 

11. (Original) The system of claim 1, wherein the crypto-processor and the memory are 
integrated into a protected storage device, the protected storage device comprising: 

one or more storage areas; 

logic for controlling access to the one or more storage areas; 
a random number generator; and 
a secret. 
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12. (Original) The system of claim ll s wherein the one or more storage areas comprises a 
data storage and a code storage* 

13. (Original) The system of claim 12, wherein the secret is comprised within the code 
storage. 

1 4. (Original) The system of claim 1 , wherein the memory comprises a protected storage, the 
protected storage comprising: 

one or more storage areas; 

logic for controlling access to the one or more storage areas; and 
a secret 

1 5. (Original) The system of claim 14, wherein the one or more storage areas comprise a data 
storage and a code storage. 

16. (Original) The system of claim 15, wherein the secret is comprised within the code 
storage. 

1 7. (Original) The system of claim i, wherein the memory further includes a secret. 
18-19. (Canceled) 
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20. (Original) A method of operating a computer system, the computer system including a 
crypto-processor, and a storage device, the method comprising: 

transmitting a request for a memory transaction for a storage location in the storage device; 
receiving the request for the memory transaction at the crypto-processor; 
determining if the memory transaction is authorized for the storage location; 
passing the request for the memory transaction to the storage device if the memory transaction is 
authorized for the storage location* 

21. (Original) The method of claim 20, wherein passing the request for the memory 
transaction to the storage device if the memory transaction is authorized for the storage location 
comprises passing the request for the memory transaction to the storage device only if the 
memory transaction is authorized for the storage location, 

22. (Original) The method of claim 20, wherein the crypto-processor includes a memory 
permission table that maps at least a portion of the storage locations in the storage device; 
and wherein determining if the memory transaction is authorized for the storage location 
comprises determining if the memory permission table includes an indication that the 
memory transaction at the storage location is allowed. 

23-24. (Canceled) 

25. (Original) The method of claim 21, wherein the computer system further comprises a 
bridge, a first bus coupled between the device and the bridge, and a second bus coupled 
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between the bridge and the crypto-processor, wherein transmitting the request for the 
memory transaction for the storage location in the storage device further comprises: 
transmitting the request for the memory transaction for the storage location in the storage 

device over the first bus; 
receiving the request for the memory transaction for the storage location in the storage 

device from the first bus; and 
transmitting the request for the memory transaction for the storage location in the storage 

device over the second bus, 

26. (Original) The method of claim 21, wherein the storage device comprises a memory; 
wherein transmitting a request for a memory transaction for a storage location in the 
storage device comprises transmitting the request for the memory transaction for a 
memory location in the memory; wherein determining if the memory transaction is 
authorized for the storage location comprises determining if the memory transaction is 
authorized for the memory location; and wherein passing the request for the memory 
transaction to the storage device only if the memory transaction is authorized for the 
storage location comprises passing the request for the memory transaction to the memory 
only if the memory transaction is authorized for the memory location. 

27. (Original) The method of claim 26, wherein the memory comprises a ROM; wherein 
transmitting the request for the memory transaction for a memory location in the memory 
comprises transmitting the request for the memory transaction for a memory location in 
the ROM; and wherein passing the request for the memory transaction to the memory 
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only if the memory transaction is authorized for the memory location comprises passing 
the request for the memory transaction to the ROM only if the memory transaction is 
authorized for the memory location . 

28. (Original) The method of claim 27, wherein the memory comprises a flash memory; 
wherein transmitting the request for the memory transaction for a memory location in the 
memory comprises transmitting the request for the memory transaction for a memory 
location in the flash memory; and wherein passing the request for the memory transaction 
to the memory only if the memory transaction is authorized for the memory location 
comprises passing the request for the memory transaction to the flash memory only if the 
memory transaction is authorized for the memory location . 

29. (Original) The method of claim 21, wherein the computer system further includes a 
device different from the crypto-processor; and wherein transmitting the request for the 
memory transaction for the storage location in the storage device comprises the device 
initiating the request for the memory transaction for the storage location in the storage 
device. 

30. (Original) The method of claim 29, wherein the crypto-processor includes a secret; and 
wherein determining if the memory transaction is authorized for the storage location 
comprises demanding an authorization from the device initiating the request, wherein the 
authorization comprises an indication from the device of the secret. 
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31. (Original) The method of claim 30, wherein the indication of the secret comprises a 
correct response to a challenge-response authentication; and wherein demanding an 
authorization from the device initiating the request comprises providing a challenge to the 
device, and the device providing the correct response to the challenge. 

32. (Original) The method of claim 31, wherein the storage device comprises a protected 
storage, comprising one or more storage areas, logic for controlling access to the one or 
more storage areas, and a secret, wherein the one or more storage areas includes the 
storage location; wherein transmitting the request for the memory transaction for the 
storage location in the storage device comprises transmitting the request for the memory 
transaction for the storage location in the protected storage; and wherein passing the 
request for the memory transaction to the storage device only if the memory transaction is 
authorized for the storage location comprises passing the request for the memory 
transaction to the protected storage only if the memory transaction is authorized for the 
storage location; the method further comprising: 

receiving the request for the memory transaction at the logic; 
verify the authorization using the logic and the secret; and 

passing the request for the memory transaction an appropriate one of the one or more storage 
areas, \ 

33. (Withdrawn) A system, comprising: 
a first processor; 

a second processor coupled to the first processor; and 
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a storage device operably coupled to the first processor through the second processor; 
wherein the second processor is configured to control access to the storage device. 

34. (Withdrawn) The system of claim 33, further comprising: 

a bridge coupled between the first processor and the second processor- 

35. (Withdrawn) The system of claim 34, further comprising; 

a second bridge coupled between the bridge and the second processor. 

36. (Withdrawn) The system of claim 35 3 further comprising: 

a bus that couples the second bridge and the second processor, wherein the second bridge and 
second processor each include bus Interface logic configured to master the bus. 

37. (Withdrawn) The system of claim 33, wherein the second processor is a general purpose 
processor configured as a crypto-processor- 

38. (Withdrawn) The system of claim 33, wherein the second processor is a crypto-processor 

39. (Withdrawn) The system of claim 33, wherein the storage device is a memory. 

40. (Withdrawn) The system of claim 39, wherein the memory is a ROM. 

41 . (Withdrawn) The system of claim 39, wherein the memory is a flash memory. 
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42. (Withdrawn) The system of claim 33, wherein the storage device is a hard drive. 

43. (Withdrawn) The system of claim 33, wherein the storage device is an optical drive. 

44. (Withdrawn) The system of claim 33, wherein the storage device comprises a 
semiconductor storage device or a magnetic storage device. 

45. (Withdrawn) The system of claim 33, wherein the second processor is further configured 
to understand address mapping for the memory. 

46. (Withdrawn) The system of claim 33, wherein the second processor implements a 
chaJlenge- 

response mechanism to authenticate memory accesses to the memory. 

47. (Withdrawn) The system of claim 46, wherein the second processor includes: 
at least one register configured to store a secret value; and 

a random number generator. 

48. (Withdrawn) The system of claim 47, wherein the storage device stores the secret value. 
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49. (Withdrawn) The system -of claim 48, wherein, at boot time, the first processor is 
configured with the secret value, allowing the first processor to access the storage device 
through the second processor. 

50. (Withdrawn) A method for operating a computer system, comprising a requesting device, 
a storage device, and a security device, wherein the requesting device is operably coupled 
to the storage device through the security device, the method comprising: 

receiving a transaction request for a storage location associated with the storage device from the 
requesting device; 

determining if the requesting device is authorized to access the storage device; and 
mapping the storage location in the transaction request according to the address mapping of the 
storage device if the requesting device is authorized to access the storage device. 

5 1 . (Withdrawn) The method of claim 50, further comprising: 
completing the transaction request. 

52. (Withdrawn) The method of claim 50, wherein the requesting device is a processor, 
wherein receiving a transaction request for a storage location associated with the storage device 
from the requesting device comprises receiving a transaction request for a storage location 
associated with the storage device from the processor, wherein determining if the requesting 
device is authorized to access the storage device comprises determining if the processor is 
authorized to access the storage device, and wherein mapping the storage location in the 
transaction request according to the address mapping of the storage device if the requesting 



PAGE 12/27 ' RCVD AT 21212005 9:40:20 AM [Eastern Standard Time] ' SVRiUSPTO-EFXRM/O ' DNIS:8729306 * CS1D:7139347011 ' DURATION (mm-ss):06-32 



02/02/2005 09:36 UIMA -> 17038729306 



NO. 161 013 



device is authorized to access the storage device comprises mapping the storage location in the 
transaction request according to the address mapping of the storage device if the processor is 
authorized to access the storage device. 

53. (Withdrawn) The method of claim 50, wherein the storage device comprises a memory; 
wherein receiving a transaction request for a storage location associated with the storage device 
from the requesting device comprises receiving a transaction request for a memory location 
associated with the memory from the requesting device; wherein determining if the requesting 
device is authorized to access the storage device comprises determining if the requesting device 
is authorized to access the memory; and wherein mapping the storage location in the transaction 
request according to the address mapping of the storage device if the requesting device is 
authorized to access the storage device comprises mapping the memory location in the 
transaction request according to the address mapping of the memory if the requesting device is 
authorized to access the memory. 

54. (Withdrawn) The method of claim 50, wherein the storage device comprises a hard drive; 
wherein receiving a transaction request for a storage location associated with the storage 
device from the requesting device comprises receiving a transaction request for a storage 
location associated with the hard drive from the requesting device; wherein determining 
if the requesting device is authorized to access the storage device comprises determining 
if the requesting device is authorized to access the hard drive; and wherein mapping the 
storage location in the transaction request according to the address mapping of the 
storage device if the requesting device is authorized to access the storage device 
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comprises mapping the storage location in the transaction request according to the 
address mapping of the hard drive if the requesting device is authorized to access the hard 
drive. 

55. (Withdrawn) The method of claim 50, wherein determining if the requesting device is 
authorized to access the storage device comprises the security device determining if the 
requesting device is authorized to access the storage device; and wherein mapping the 
storage location in the transaction request according to the address mapping of the 
storage device if the requesting device is authorized to access the storage device 
comprises the security device mapping the storage location in the transaction request 
according to the address mapping of the storage device if the security device determines 
that the requesting device is authorized to access the storage device. 

56. (Withdrawn) The method of claim 55, wherein the security device is a crypto-processor; 
wherein the security device determining if the requesting device is authorized to access 
the storage device comprises the crypto-processor determining if the requesting device is 
authorized to access the storage device; and wherein the security device mapping the 
storage location in the transaction request according to the address mapping of the 
storage device if the security device determines that the requesting device is authorized to 
access the storage device comprises the crypto-processor mapping the storage location in 
the transaction request according to the address mapping of the storage device if the 
crypto-processor determines that the requesting device is authorized to access the storage 
device. 
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57. (Withdrawn) The method of claim 50, wherein determining if the requesting device is 
authorized to access the storage device comprises: 

providing a challenge in response to receiving the transaction request; 
receiving a response to the challenge; and 

determining if the response to the challenge is equal to an expected response. 

58. (Withdrawn) A computer system comprising: 
means for storing a plurality of values; 

means for controlling access to the means for storing the plurality of values; 

means for requesting one or more of the plurality of values from the means for storing the 
plurality of values, wherein the means for controlling access to the means for storing the 
plurality of values is operably coupled between the means for storing a plurality of values 
and the means for requesting one or more of the plurality of values, 

59. (Original) A computer readable program storage device encoded with instructions that, 
when executed by a computer system including a crypto-processor, and a storage device, 
performs a method of operating the computer system, the method comprising; 

transmitting a request for a memory transaction for a storage location in the storage device; 
receiving the request for the memory transaction at the crypto-processor; 
determining if the memory transaction is authorized for the storage location; 
passing the request for the memory transaction to the storage device if the memory transaction is 
authorized for the storage location. 
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60. (Original) The computer readable program storage device of claim 59, wherein passing 
the request for the memory transaction to the storage device if the memory transaction is 
authorized for the storage location comprises passing the request for the memory transaction to 
the storage device only if the memory transaction is authorized for the storage location, 

61. (Original) The computer readable program storage device of claim 59, wherein the 
crypto-processor includes a memory permission table that maps at least a portion of the 
storage locations in the storage device; and wherein determining if the memory 
transaction is authorized for the storage location comprises determining if the memory 
permission table includes an indication that the memory transaction at the storage 
location is allowed 

62-63. (Canceled) 

64. (Original) The computer readable program storage device of claim 60, wherein the 
computer system further comprises a bridge, a first bus coupled between the device and 
the bridge, and a second bus coupled between the bridge and the crypto-processor, 
wherein transmitting the request for the memory transaction for the storage location in 
the storage device further comprises: 

transmitting the request for the memory transaction for the storage location in the storage 
device over the first bus; 
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receiving the request for the memory transaction for the storage location in the storage 

device from the first bus; and 
transmitting the request for the memory transaction for the storage location in the storage 

device over the second bus. 

65. (Original) The computer readable program storage device of claim 60, wherein the 
storage device comprises a memory; wherein transmitting a request for a memory 
transaction for a storage location in the storage device comprises transmitting the request 
for the memory transaction for a memory location in the memory; wherein determining if 
the memory transaction is authorized for the storage location comprises determining if 
the memory transaction is authorized for the memory location; and wherein passing the 
request for the memory transaction to the storage device only if the memory transaction is 
authorized for the storage location comprises passing the request for the memory 
transaction to the memory only if the memory transaction is authorized for the memory 
location. 

66. (Original) The computer readable program storage device of claim 65, wherein the 
memory comprises a ROM; wherein transmitting the request for the memoty transaction 
for a memory location in the memory comprises transmitting die request for the memory 
transaction for a memory location in the ROM; and wberein passing the request for the 
memory transaction to the memory only if the memory transaction is authorized for the 
memory location comprises passing the request for the memory transaction to the ROM 
only if the memory transaction is authorized for the memory location . 



PAGE 17/27 1 RCVD AT 2/212005 9:40:20 AM [Eastern Standard Time] 1 SHPTO-EFXRF-1/0 ' DNIS:8729306 ' CSH):7139347011 * DURATION (mm-ss):06-32 



02/02/2005 09:36 UIMA -> 17038729306 NO. 161 PIG 



67. (Original) The computer readable program storage device of claim 65, wherein the 
memory comprises a flash memory; wherein transmitting the request for the memory 
transaction for a memory location in the memory comprises transmitting the request for 
the memory transaction for a memory location in the flash memory; and wherein passing 
the request for the memory transaction to the memory only if the memory transaction is 
authorized for the memory location comprises passing the request for the memory 
transaction to the flash memory only if the memory transaction is authorized for the 
memory location . 

68. (Original) The computer readable program storage device of claim 60, wherein the 
computer system further includes a device different from the crypto-processor; and 
wherein transmitting the request for the memory transaction for the storage location in 
the storage device comprises the device initiating the request for the memory transaction 
for the storage location in the storage device. 

69. (Original) The computer readable program storage device of claim 68, wherein the 
crypto-processor includes a secret; and wherein determining if the memory transaction is 
authorized for the storage location comprises demanding an authorization from the device 
initiating the request, wherein the authorization comprises an indication from the device 
of the secret. 
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70. (Original) The computer readable program storage device of claim 69, wherein the 
indication of the secret comprises a correct response to a challenge-response 
authentication; and wherein demanding an authorization from the device initiating the 
request comprises providing a challenge to the device, and the device providing the 
correct response to the challenge. 

71- (Original) The computer readable program storage device of claim 70, wherein the 
storage device comprises a protected storage, comprising one or more storage areas, logic 
for controlling access to the one or more storage areas, and a secret, wherein the one or 
more storage areas includes the storage location; wherein transmitting the request for the 
memory transaction for the storage location in the storage device comprises transmitting 
the request for the memory transaction for the storage location in the protected storage; 
and wherein passing the request for the memory transaction to the storage device only if 
the memory transaction is authorized for the storage location comprises passing the 
request for the memory transaction to the protected storage only if the memory 
transaction is authorized for the storage location; the method further comprising; 

receiving the request for the memory transaction at the logic; 

verify the authorization using the logic and the secret; and 

passing die request for the memory transaction an appropriate one of the one or more storage 
areas, 

72. (Withdrawn) A computer readable program storage device encoded with instructions that, 
when executed by a computer, performs a method of operating a computer system 
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comprising a requesting device, a storage device, and a security device, wherein the 
requesting device is operably coupled to the storage device through the security device, 
the method comprising: 

receiving a transaction request for a storage location associated with the storage device from the 
requesting device; 

determining if the requesting device is authorized to access the storage device; and 
mapping the storage location in the transaction request according to the address mapping of the 
storage device if the requesting device is authorized to access the storage device* 



73, (Withdrawn) The computer readable program storage device of claim 72, the method 
further comprising: 

completing the transaction request. 

74. (Withdrawn) The computer readable program storage device of claim 72, wherein the 
requesting device is a processor, wherein receiving a transaction request for a storage location 
associated with the storage device from the requesting device comprises receiving a transaction 
request for a storage location associated with the storage device from the processor, wherein 
determining if the requesting device is authorized to access the storage device comprises 
determining if the processor is authorized to access the storage device, and wherein mapping the 
storage location in the transaction request according to the address mapping of the storage device 
if the requesting device is authorized to access the storage device comprises mapping the storage 
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location in the transaction request according to the address mapping of the storage device if the 
processor is authorized to access the storage device. 

75. (Withdrawn) The computer readable program storage device of claim 72, wherein the 
storage device comprises a memory; wherein receiving a transaction request for a storage 
location associated with the storage device from the requesting device comprises receiving a 
transaction request for a memory location associated with the memory from the requesting 
device; wherein determining if the requesting device is authorized to access the storage device 
comprises determining if the requesting device is authorized to access the memory; and wherein 
mapping the storage location in the transaction request according to the address mapping of the 
storage device if the requesting device is authorized to access the storage device comprises 
mapping the memory location in the transaction request according to the address mapping of the 
memory if the requesting device is authorized to access the memory. 

76. (Withdrawn) The computer readable program storage device of claim 72, wherein the 
storage device comprises a hard drive; wherein receiving a transaction request for a 
storage location associated with the storage device from the requesting device comprises 
receiving a transaction request for a storage location associated with the hard drive from 
the requesting device; wherein determining if the requesting device is authorized to 
access the storage device comprises determining if the requesting device is authorized to 
access the hard drive; and wherein mapping the storage location in the transaction request 
according to the address mapping of the storage device if the requesting device is 
authorized to access the storage device comprises mapping the storage location in the 
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transaction request according to the address mapping of the hard drive if the requesting 
device is authorized to access the hard drive, 

77. (Withdrawn) The computer readable program storage device of claim 72, wherein 
determining if the requesting device is authorized to access the storage device comprises 
the security device determining if the requesting device is authorized to access the 
storage device; and wherein mapping the storage location in the transaction request 
according to the address mapping of the storage device if the requesting device is 
authorized to access the storage device comprises the security device mapping the storage 
location in the transaction request according to the address m apping of the storage device 
if the security device determines that the requesting device is authorized to access the 
storage device. 

78. (Withdrawn) The computer readable program storage device of claim 77, wherein the 
security device is a crypto-processor; wherein the security device determining if the 
requesting device is authorized to access the storage device comprises the crypto- 
processor determining if the requesting device is authorized to access the storage device; 
and wherein the security device mapping the storage location in the transaction request 
according to the address mapping of the storage device if the security device determines 
that the requesting device is authorized to access the storage device comprises the crypto- 
processor mapping the storage location in the transaction request according to the address 
mapping of the storage device if the crypto-processor determines that the requesting 
device is authorized to access the storage device. 



PAGE 22/27 ' RCVD AT 2ffl2o¥W0:20 AM [Eastern Standard Time] * SVR:USPTMFXRHfO * DNIS:8729306 » CS(D:7139347011 * DURATION (mm-ss):06-32 



02/02/2005 09:36 LJMA -» 1703B729306 



NO. 161 P23 



79. (Withdrawn) The computer readable program storage device of claim 72, wherein 
determining if the requesting device is authorized to access the storage device comprises: 

providing a challenge in response to receiving the transaction request; 

receiving a response to the challenge; and 

determining if the response to the challenge is equal to an expected response. 
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